Method and device for modifying software in a control unit and corresponding control unit

ABSTRACT

A method and device for changing software in a first memory area in a control unit for controlling operational sequences, the execution of old software parts being replaced by the execution of new software parts and the old software parts being written into the first memory area, the new software parts being written into a second memory area and, due to a first branching in the first memory area, instead of the old software parts being executed in the first memory area, the new software parts are executed in the second memory area, the system, following the execution of the new software parts, branching back again into the first memory area via a second branching in the second memory area and the execution of the other software distinct from the old software parts being continued in the first memory area, the old software parts remaining in the first memory area.

FIELD OF THE INVENTION

The present invention relates to a method and a device for changing software in a first memory area in a control unit as well as a corresponding control unit and a computer program for implementing the method.

BACKGROUND INFORMATION

In the automotive industry in particular, ever more complex functions are implemented in the individual control units with the aid of software. More and more frequently it is necessary to incorporate changes of the software in the control unit just prior to or also following the delivery to end customers. The changes of the software of a control unit are generally handled in such a way that the changes are incorporated into a new software integration version and that this newly prepared software is loaded completely into the control unit, in particular by storing it in a so-called flash EPROM memory, i.e. by flashing. Due to the existing size of the software, flashing a control unit, for example, now already takes up to 30 minutes. Due to the sharp increase in functions and functionality, and hence due to an even greater software size and a greater number of software packages, this time will increase even more dramatically in the future.

SUMMARY OF THE INVENTION

Therefore, it is an objective of the present invention to reduce this time requirement for flashing a control unit, which will result in additional advantages as well.

The present invention relates to a method and a device for changing software in a first memory area in a control unit for controlling operational sequences, particularly in a vehicle, as well as in a corresponding control unit, the execution of old software being replaced by the execution of new software parts and the old software parts being written into the first memory area. In most cases the software changes, in particular changes of the program code, are small in comparison to the portion of the software that requires no change. Advantageously, the portions to be changed or generally only parts of a software are now loaded in a targeted manner into the control unit, these software parts being also referred to as patch containers in the specification or being contained in such a patch container.

That is, suitably, only the new software parts are written into a second memory area, where, due to a first branching in the first memory area, instead of the old software parts being executed in the first memory area, the new software parts in the second memory area are executed and, following the execution of the new software parts, due to a second branching in the second memory area, the system branches back again into the first memory area, the execution of the additional software that is distinct from the old software parts being continued in the first memory area and the old software parts remaining in the first memory area.

That is to say, to implement the changes of the existing software, that is, the old software parts, a patch manager, in particular a central patch manager, is installed, with the aid of which the parts of the software to be changed may be changed in a targeted manner by entry and exit. On the one hand, this advantageously allows for a marked reduction of the extensive time needed for flashing large software sections or software parts, since on the one hand, as already hinted at above, it is not the entire software that is newly written in and on the other hand also the time required for changing the software, that is, particularly to erase it and to write it in anew, is economized.

This additionally results in a higher flexibility in changing software and software parts and on the other hand in a reduced susceptibility to error by the fact that software parts are overwritten or erased and newly written-in as little as possible.

This is suitably implemented particularly in that the second memory area, that is, the patch container area, is only used for receiving the new software parts and for integrating them into the program run or the software execution.

For this purpose, suitably, the first branching and the second branching may be implemented by at least one chained list. Chained lists in this context provide a space-saving opportunity to store data, particularly of software parts, which have at the same time a temporal as well as a logical order. Since, in this manner, there may be several versions of comparable or identical software parts, chained lists are a good approach for storing versions of different software parts, the number of which cannot be determined in advance. In the case of chained lists, for every version of a software part or for every software part there is a pointer or a reference to the next version of this software part. A special pointer state may be used for coding in case the associated version is the most current version of the respective software part. Likewise, this special pointer state may be used as identification or an identifier for the respective software part. In this context, relative or absolute addresses are used as a reference. Thus, in the case of a chained list, together with a respectively stored software part or together with an information unit such as a data record containing the software part, a reference to the storage location of the respectively next logically connected information unit is stored, particularly here either the next new software part or data record having the new software part or also the additional software following the old software part. Thus, the storage locations can also only be occupied at the time, at which the information to be stored or to be newly executed is available. Thus it is also possible to assign to this information the respectively next free storage location, whereby this procedure also results in a continuous usage of the memory.

Expediently, a start address of the new software parts is now used as the first branching, quasi for the exit from the first memory area, with which start address the old software parts, that is, the software parts to be changed, can be at least partially overwritten. Alternatively, memory space may also be provided for integrating the exit address in the first memory area. Thus, in the first memory area an exit is set into or towards the patch container. As a second branching, quasi as a return, a start address of the additional software that is distinct from the old software parts is then used in an advantageous manner such that, immediately following the jumping around of the old software parts, the additional, subsequent software in the first memory area is used or executed.

The new software parts advantageously contain information indicating which old software parts are to be replaced and/or information indicating with which new software parts the old software parts are to be replaced. Expediently, for this purpose, the second memory area, that is, in particular every input patch container in a patch table, which contains the new software parts as well as possibly additional information, contains in addition to at least one new software part an address for the first branching, an address for the second branching and an address for the start of the old software part that is to be replaced by the at least one new software part. As additional information, advantageously the length of the at least one new software part and/or also of the at least one old software part may be contained in the patch container as well. These elements, that is, an address for the first branching, an address for the second branching, an address for the start of the old software part as well as possibly the length of the new software part and/or of the old software part may be integrated into a data record in the patch container, that is, in the second memory area, particularly in the patch table. Thus, the information required for replacing an old software part is expediently integrated into such a data record for every old software part.

For this purpose, advantageously, the first memory area may be implemented as a first table and the second memory area as a second table (patch table) in the same memory.

For this purpose, it is also possible to divide the first memory area and the second memory area expediently into two software sections of equal size, it being possible for a new software part to be written into each software section of the second memory area.

Expediently, also each data record or each software section according to the specific embodiment may then receive an identification, which allows for an allocation of an old software part and of a new software part replacing it.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a control unit having suitable software, in which old software parts are replaced by new software parts.

FIG. 2 shows the first memory area having the control unit software as well as the patch container according to the present invention.

FIG. 3 shows an exemplary data record in the patch container.

DETAILED DESCRIPTION

FIG. 1 shows a control unit 100 having a processing unit 101, particularly a microcontroller as well as memory arrangement 102, particularly divided into two memory areas 103 and 104. These memory areas 103 and 104 may exist in the same memory or in different memories of control unit 100. Via an interface 105, which may represent in addition to a wired also a wireless connection, the appropriate new software parts are introduced from a source 106, for example, another computer, by second memory arrangement 107 into control unit 100. Due to the fact that only the data to be changed are transmitted, that is, only the new software parts and not the entire software, which results in significantly lower transmission rates, it is possible to use in particular also air interfaces, that is, radio, ultrasound, infrared etc. In addition, however, wired transmission is also possible at this location.

FIG. 2 now shows a first memory area 200 and a second memory area 201, in particular in the form of a table. The first memory area contains cells or software sections 205 through 216. The respective addresses of cells 205 through 216 are in each instance stored in block 203. Likewise, a second memory area 201, that is, the patch table, contains several cells 217 through 223, likewise software sections, in which the so-called patch containers may be stored. Here too, corresponding addresses are stored in block 204 with regard to the respective cell, that is, to the respective patch container.

As may be seen in FIG. 2, in the old software parts from first memory area 200, following software section 207, an exit is generated in software section 208 to patch table 201. For this purpose, the old software part 208 is overwritten at least partially with the exit address, that is, the branching to software section 218. That is to say, the first change A1 starts with a branching V1A1 from first memory area 200 into second memory area 201. Following the execution of software sections 218, 219, from software section 220 the system branches back or returns again by a second branching V2A1 into the first memory area, software section 210. Thus, in this manner, the old software parts in software sections 208 and 209 may be replaced by the new software parts in sections 218 and 219, that is, jumped around. In the process, the old software parts in sections 208 and 209 are preserved in the first memory area.

A second change A2, for example, shows an exit to section 212 at the start of section 223 in second memory area 201 and a return to the start of memory section 214. That is to say, due to first branching V1A2 and the return or second branching V2A2, software section 213 is replaced by software section 223 with respect to the software execution, the old software part in software section 213 again being at least partially preserved. Only that part is replaced that contains the jump address for the patch table.

To generate this state, as just described with reference to FIG. 2, information is required as to which software parts, that is, old software parts from memory area 200, are to be changed in what way. This information is loaded into patch table 201.

Using a patch manager, the address references between memory area 200 and memory area 201 are established in a restart of the control unit. The patch manager may be accommodated e.g. in the boot loader, that is, in the start program, which is executed during the start-up of the control unit. Depending on the resources, the patch table may contain a plurality of information within the scope of the patch manager, according to the exemplary embodiment and/or exemplary method of the present invention. This information, these elements may be integrated in individual data records, as shown in FIG. 3. The manager may also be implemented by processing unit 101 of the control unit itself in that the respective information is stored in the patch container.

To generate the data records for the patch table, an auxiliary device lends itself, particularly in computer 106, which analyzes the changes of the source code and generates the data records or the software parts for the patch table accordingly. These data records, for example, are made up of an exit address, the original software, that is, the old software parts, a destination address for the patch table, that is, a reference to a patch container, the new software part, that is, for example, changed or new hexadecimal code, for example also the length of the changed program code, that is, the length of the old software part or also the length of the new program code, that is, the new software part as well as the return address into the first storage area, that is, to the additional software distinct from the old software part, that is, in particular into the original program. Furthermore, an identifier or an identification may be assigned to a patch container and thus be contained in the data record.

At the same time, not all of the mentioned information is necessary for implementing the method according to the present invention. Thus the end address, for example, may be determined from the start address and the length of the software part. Nevertheless, the use of the information may either mean a time advantage, since it is not necessary to calculate an address, or redundant information in this connection may allow for a verification of the software change and thus for increased reliability.

In the same way, with a patch manager constructed in this manner it is also possible to reverse a change in the software. In such a reversal, memory space could then be provided in the first memory area for exit addresses, so that in a reuse of the old software part, the latter is not partially overwritten.

As an example of such a patch container or data record, block 300 is represented in FIG. 3. In this instance, 301 indicates a program address, that is, the address of the old software part to be replaced, while block 302 indicates the address in the patch table. Block 303 indicates, in particular, the new program code, that is, the new software part, which is to replace the old software part. Block 304, for example, indicates the length of the new software part, that is, the code length in bits, bytes or any other quantity, and block 305 finally shows the return address to the other software parts, that is, in particular to the original program in first memory area 200.
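The following C sketch is an added illustration, not part of the patent text: it models the FIG. 3 data record and shows how a patch manager could use the redundant fields for verification before writing the first branching, and how the change can be reversed. The 16-byte section size, the base addresses, the 4-byte branch width, all field and function names, and the saving of the overwritten bytes for reversal are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Assumed layout: 16-byte sections numbered as in FIG. 2. */
#define SEC        0x10u
#define AREA1_BASE 0x1000u       /* section 205 */
#define AREA1_SIZE (12u * SEC)   /* sections 205..216 */
#define AREA2_BASE 0x8000u       /* section 217 */
#define AREA2_SIZE (7u * SEC)    /* sections 217..223 */
#define BRANCH_LEN 4u            /* bytes taken by one branch address */

/* Data record modelled on block 300 (FIG. 3); field names are hypothetical. */
typedef struct {
    uint32_t old_addr;    /* 301: start of the old software part */
    uint32_t patch_addr;  /* 302: address in the patch table */
    uint32_t new_len;     /* 304: length of the new software part, bytes */
    uint32_t old_len;     /* redundant field: length of the old part */
    uint32_t return_addr; /* 305: return address into the first area */
} patch_record;

enum { PATCH_OK, ERR_TOO_SHORT, ERR_OLD_RANGE, ERR_PATCH_RANGE, ERR_RETURN };
/* Overflow-safe test that [addr, addr+len) lies in [base, base+size). */
static int in_range(uint32_t addr, uint32_t len, uint32_t base, uint32_t size) {
    return len <= size && addr >= base && addr - base <= size - len;
}

int patch_record_check(const patch_record *r) {
    if (r->old_len < BRANCH_LEN) return ERR_TOO_SHORT; /* exit must fit */
    if (!in_range(r->old_addr, r->old_len, AREA1_BASE, AREA1_SIZE))
        return ERR_OLD_RANGE;
    /* New part plus the second branching must fit in the patch table. */
    if (r->new_len == 0 || r->new_len > AREA2_SIZE - BRANCH_LEN ||
        !in_range(r->patch_addr, r->new_len + BRANCH_LEN, AREA2_BASE, AREA2_SIZE))
        return ERR_PATCH_RANGE;
    /* Redundancy check: return address == old start + old length, in area 1. */
    if (r->return_addr != r->old_addr + r->old_len ||
        !in_range(r->return_addr, 1, AREA1_BASE, AREA1_SIZE))
        return ERR_RETURN;
    return PATCH_OK;
}

/* Writes the first branching (little-endian patch address); saves old bytes. */
int patch_apply(uint8_t *area1, const patch_record *r, uint8_t *saved) {
    int rc = patch_record_check(r);
    if (rc != PATCH_OK) return rc;
    uint8_t *slot = area1 + (r->old_addr - AREA1_BASE);
    memcpy(saved, slot, BRANCH_LEN);
    for (unsigned i = 0; i < BRANCH_LEN; i++)
        slot[i] = (uint8_t)(r->patch_addr >> (8u * i));
    return PATCH_OK;
}

void patch_revert(uint8_t *area1, const patch_record *r, const uint8_t *saved) {
    memcpy(area1 + (r->old_addr - AREA1_BASE), saved, BRANCH_LEN);
}

int check_fields(uint32_t old_addr, uint32_t patch_addr, uint32_t new_len,
                 uint32_t old_len, uint32_t return_addr) {
    patch_record r = { old_addr, patch_addr, new_len, old_len, return_addr };
    return patch_record_check(&r);
}

/* Change A1 (208-209 -> 218-219, return to 210) on constructed data; 1 = ok. */
int demo_apply_revert(void) {
    uint8_t area1[AREA1_SIZE], before[AREA1_SIZE], saved[BRANCH_LEN];
    for (unsigned i = 0; i < AREA1_SIZE; i++) area1[i] = (uint8_t)(i * 7u);
    memcpy(before, area1, sizeof before);
    patch_record r = { 0x1030u, 0x8010u, 2 * SEC, 2 * SEC, 0x1050u };
    if (patch_apply(area1, &r, saved) != PATCH_OK) return 0;
    if (area1[3 * SEC] != 0x10 || area1[3 * SEC + 1] != 0x80) return 0;
    patch_revert(area1, &r, saved);
    return memcmp(before, area1, sizeof before) == 0;
}
```

A record whose return address disagrees with the old start address plus length is rejected before any byte of the first memory area is touched, which is the verification use of redundant information mentioned above.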

In addition, as already mentioned, an identification, that is, an identifier may also be included, for example instead of the code length specification or also in addition to it. Such a patch container as block 300 or the entire patch table may be loaded very easily via a bus system into the control unit, e.g. via a CAN bus system with the CAN messages. If an identification or an identifier is used as discussed, that is, if it is assigned to a patch container, then it is possible in a very targeted manner to change the changes, e.g. error messages from customers, to track the changes and also to establish and also store a history of the changes without losing the transparency of the stable tested program code, that is, the error-free software. If a correction does not display the desired reaction, then it is easy to restore the old state, that is, simply to remove the patch container. Due to the low data rate, which serves the method according to the present invention, a simple correction or extension of the software is also possible via the air interface, as already mentioned.

Furthermore, it is advantageous to segment the memory area for the data, that is, the software, into data files of equal size, that is, software sections of equal size, which then likewise, as in the method as described above, are chained together and are stored for the changes in the patch table. That is to say, the cells or data packets or the software stored within them in first memory area 200 and in second memory area 201 do not necessarily have to be of equal size, rather this is managed via the addresses and the patch management. It may be advantageous, however, to use software sections of equal size for the first and the second memory area and always to exchange such complete software sections as a data record or to replace the old software parts by the new.

The above described exemplary embodiments and/or methods of the present invention in all of its developments thus yield an incremental flashing of a control unit having all of the mentioned advantages.

1-18. (canceled)
19. A method for changing software in a first memory area in a control unit for controlling operational sequences, the method comprising: replacing execution of old software parts with execution of new software parts; and writing the old software parts into the first memory area; wherein the new software parts are written into a second memory area and, due to a first branching in the first memory area, instead of the old software parts being executed in the first memory area, the new software parts are executed in the second memory area, the control unit, following the execution of the new software parts, branching back again into the first memory area via a second branching in the second memory area and the execution of the other software distinct from the old software parts being continued in the first memory area, the old software parts remaining in the first memory area.
20. The method of claim 19, wherein the second memory area is only used to receive the new software parts.
21. The method of claim 19, wherein the first branching and the second branching are implemented by at least one chained list.
22. The method of claim 19, wherein as a first branching a start address of the new software parts is used, this being used to overwrite at least partially the old software parts.
23. The method of claim 19, wherein as the second branching a start address of the additional software distinct from the old software parts is used.
24. The method of claim 19, wherein the new software parts contain information that indicates which old software parts are to be replaced.
25. The method of claim 19, wherein the new software parts contain information that indicates by which new software parts the old software parts are to be replaced.
26. The method of claim 19, wherein the second memory area, in addition to at least one new software part, contains an address for the first branching, an address for the second branching and an address for the start of the old software part, which is to be replaced by the at least one new software part.
27. The method of claim 26, wherein the second memory area furthermore contains the length of at least one of the at least one new software part and of the at least one old software part.
28. The method of claim 27, wherein the addresses are integrated into a data record in the second memory area.
29. The method of claim 28, wherein at least two old software parts and the at least two new software parts, which replace these, are provided, the addresses being respectively integrated into one data record and written into the second memory area.
30. The method of claim 19, wherein as the first memory area a first table and as the second memory area a second table are provided in the same memory.
31. The method of claim 19, wherein the first memory area and the second memory area are divided into two software sections of equal size, a new software part being written into each software section of the second memory area.
32. The method of claim 28, wherein every data record or every software section is provided with an identification.
33. The method of claim 32, wherein the identification for a software section in the first memory area, which contains an old software part, and the identification for the corresponding software section having the new software part, which replaces the old software part, are the same.
34. A device for changing software in a first memory area in a control unit for controlling operational sequences, the device comprising: a control unit for replacing the execution of old software parts with the execution of new software parts, and the old software parts being written into the first memory area, wherein an arrangement is included, which writes the new software parts into a second memory area and a first branching into the first memory area, whereby, instead of the old software parts being executed in the first memory area, the new software parts are executed in the second memory area, the arrangement also writing a second branching into the second memory area, whereby, following the execution of the new software parts, the control unit branches back again into the first memory area and the execution of the additional software distinct from the old software parts is continued in the first memory area, the old software parts remaining in the first memory area.
35. A control unit comprising: a first memory area, in which old software parts and additional software parts distinct from the old software parts are stored; a second memory area, which contains new software parts replacing the old software parts; and an arrangement to write the new software parts into a second memory area and a first branching into the first memory area, whereby, instead of the old software parts being executed in the first memory area, the new software parts are executed in the second memory area, the arrangement also writing a second branching into the second memory area, whereby, following the execution of the new software parts, the control unit branches back again into the first memory area and the execution of the additional software distinct from the old software parts is continued in the first memory area, the old software parts remaining in the first memory area.
36. A computer program executable in a control unit, comprising: program code for changing software in a first memory area in a control unit for controlling operational sequences, by performing the following: replacing execution of old software parts with execution of new software parts; and writing the old software parts into the first memory area; wherein the new software parts are written into a second memory area and, due to a first branching in the first memory area, instead of the old software parts being executed in the first memory area, the new software parts are executed in the second memory area, the control unit, following the execution of the new software parts, branching back again into the first memory area via a second branching in the second memory area and the execution of the other software distinct from the old software parts being continued in the first memory area, the old software parts remaining in the first memory area.